NEW QUESTION 1

Your company has an Azure App Service plan that is used to deploy containerized web apps. You are
designing a secure DevOps strategy for deploying the web apps to the App Service plan. You need to recommend a strategy to integrate code scanning tools into a secure software development lifecycle. The code must be scanned during the following two phases:
Uploading the code to repositories Building containers
Where should you integrate code scanning for each phase? To answer, select the appropriate options in the answer area.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 2

You are creating an application lifecycle management process based on the Microsoft Security Development Lifecycle (SDL).
You need to recommend a security standard for onboarding applications to Azure. The standard will include
recommendations for application design, development, and deployment What should you include during the application design phase?

• A. static application security testing (SAST) by using SonarQube
• B. dynamic application security testing (DAST) by using Veracode
• C. threat modeling by using the Microsoft Threat Modeling Tool
• D. software decomposition by using Microsoft Visual Studio Enterprise

Answer: D

NEW QUESTION 3

You have an on-premises network that has several legacy applications. The applications perform LDAP queries against an existing directory service. You are migrating the on-premises infrastructure to a cloud-only infrastructure.
You need to recommend an identity solution for the infrastructure that supports the legacy applications. The solution must minimize the administrative effort to maintain the infrastructure.
Which identity service should you include in the recommendation?

• A. Azure Active Directory Domain Services (Azure AD DS)
• B. Azure Active Directory (Azure AD) B2C
• C. Azure Active Directory (Azure AD)
• D. Active Directory Domain Services (AD DS)

Answer: A

NEW QUESTION 4

Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel. You plan to integrate Microsoft Sentinel with Splunk.
You need to recommend a solution to send security events from Microsoft Sentinel to Splunk. What should you include in the recommendation?

• A. Azure Event Hubs
• B. Azure Data Factor
• C. a Microsoft Sentinel workbook
• D. a Microsoft Sentinel data connector

Answer: C

NEW QUESTION 5

You have 50 Azure subscriptions.
You need to monitor resource in the subscriptions for compliance with the ISO 27001:2013 standards. The solution must minimize the effort required to modify the list of monitored policy definitions for the subscriptions.
NOTE: Each correct selection is worth one point.

• A. Assign an initiative to a management group.
• B. Assign a blueprint to each subscription.
• C. Assign a policy to each subscription.
• D. Assign a blueprint to a management group.
• E. Assign an initiative to each subscription.
• F. Assign a policy to a management group.

Answer: CD

NEW QUESTION 6

A customer has a Microsoft 365 E5 subscription and an Azure subscription.
The customer wants to centrally manage security incidents, analyze log, audit activity, and hunt for potential threats across all deployed services.
You need to recommend a solution for the customer. The solution must minimize costs. What should you include in the recommendation?

• A. Microsoft 365 Defender
• B. Microsoft Defender for Cloud
• C. Microsoft Defender for Cloud Apps
• D. Microsoft Sentinel

Answer: D

NEW QUESTION 7

Your company is developing a modern application that will run as an Azure App Service web app. You plan to perform threat modeling to identify potential security issues by using the Microsoft Threat Modeling Tool.
Which type of diagram should you create?

• A. dataflow
• B. system flow
• C. process flow
• D. network flow

Answer: C

NEW QUESTION 8

You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE; Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 9

Your company is developing an invoicing application that will use Azure Active Directory (Azure AD) B2C. The application will be deployed as an App Service web app. You need to recommend a solution to the application development team to secure the application from identity related attacks. Which two configurations should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Azure AD Conditional Access integration with user flows and custom policies
• B. Azure AD workbooks to monitor risk detections
• C. custom resource owner password credentials (ROPC) flows in Azure AD B2C
• D. access packages in Identity Governance
• E. smart account lockout in Azure AD B2C

Answer: BE

NEW QUESTION 10

You need to recommend a strategy for routing internet-bound traffic from the landing zones. The solution must meet the landing zone requirements.
What should you recommend as part of the landing zone deployment?

• A. service chaining
• B. local network gateways
• C. forced tunneling
• D. a VNet-to-VNet connection

Answer: A

NEW QUESTION 11

Azure subscription that uses Azure Storage.
The company plans to share specific blobs with vendors. You need to recommend a solution to provide the vendors with secure access to specific blobs without exposing the blobs publicly. The access must be
t\me-Vim\ted. What should you include in the recommendation?

• A. Create shared access signatures (SAS).
• B. Share the connection string of the access key.
• C. Configure private link connections.
• D. Configure encryption by using customer-managed keys (CMKs)

Answer: D

NEW QUESTION 12

You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation?

• A. Onboard the virtual machines to Microsoft Defender for Endpoint.
• B. Onboard the virtual machines to Azure Arc.
• C. Create a device compliance policy in Microsoft Endpoint Manager.
• D. Enable the Qualys scanner in Defender for Cloud.

Answer: A

NEW QUESTION 13

Your company has a Microsoft 365 E5 subscription, an Azure subscription, on-premises applications, and Active Directory Domain Services (AD DSV You need to recommend an identity security strategy that meets the following requirements:
• Ensures that customers can use their Facebook credentials to authenticate to an Azure App Service website
• Ensures that partner companies can access Microsoft SharePoint Online sites for the project to which they are assigned
The solution must minimize the need to deploy additional infrastructure components. What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 14

You need to recommend a solution to meet the AWS requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 15

You need to recommend a strategy for App Service web app connectivity. The solution must meet the landing zone requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 16

Your company has devices that run either Windows 10, Windows 11, or Windows Server. You are in the process of improving the security posture of the devices.
You plan to use security baselines from the Microsoft Security Compliance Toolkit.
What should you recommend using to compare the baselines to the current device configurations?

• A. Microsoft Intune
• B. Policy Analyzer
• C. Local Group Policy Object (LGPO)
• D. Windows Autopilot

Answer: D

NEW QUESTION 17
......